Channel: Sophos User Bulletin Board

[9.191] Difficulty applying license after expiration

Hi, the trial license on my beta system expired, so I uploaded my Home User license when prompted...

1. A bunch of warnings appeared on screen about SPX customization not being allowed with the home license
I hit 'ok' or apply again...

2. nothing appeared to happen, so I hit 'apply' again

3. nothing appeared to happen; gave it over 1 min, then reloaded the page in the browser, and logged in again and it was OK.

Shouldn't the page auto-refresh or redirect after the license is applied?

Thanks,
Barry

Setting up a toshiba VOIP connected to a sophos utm (while still listening on its wan

hi,

I just replaced my sonicwall with a sophos utm 220.

Currently the sophos device and toshiba voip are behind a linksys 4 port switch at the same hierarchy level.

the toshiba strata cx670 listens on a wan ip.

I specifically asked if I can have the toshiba strata listen on a lan ip and I configure nat etc.. but the vendor specifically said

"For your info, voice communication systems should not be blocked by firewall. Hence, the Toshiba system has to sit before firewall, using WAN IP."


(as a matter of fact, previously on the sonicwall, we tested and it failed)


I want to check and see if the sophos utm 220 can have the toshiba voip plugged into e.g. eth7, yet have it bypass the firewall/nat altogether (i.e. the toshiba voip still listens on its wan ip). That way I can eliminate 1 extra device on my network.


See attached pictures. thanks



How can I make a firewall rule whose source is a member of an Active Directory?

Hi,

I am trying to use one of the users from Active Directory as a source for the firewall rule.

This rule establishes for Viber users and looks like this:

User (from AD) -> Viber Port -> Any

So far this is not working. When I enter the user IP it works, but I need to do it for an AD user instead of an IP.

I need help to do so.

Webadmin Logout Time

Hello Guys,

Is it possible to create a user without the automatic logout?

best regards,

Chris

private Messages does not work?

Hello

I tried to send a PM to a user of this board. When I look in my UserCP I can't find a sent message, it shows (0). Does the PM feature work properly?

[9.191-2] Prefix Advertisement

I have a DHCPv6 server which is not running on the UTM. Now the client gets 3 IPv6 addresses: 2 from the UTM, 1 from DHCP.

In Webadmin I can't set the "AdvManagedFlag" to "on" and "AdvAutonomous" to "off".
Is it possible to implement these options in Webadmin/Prefix Advertisement or somewhere else ?

thanks a lot
Urs

hint:
The Cable Guy: The DHCPv6 Protocol

Both M and O Flags are Set to 1.
DHCPv6 is used for both addresses and other configuration settings. This combination is known as DHCPv6 stateful, in which DHCPv6 is assigning stateful addresses to IPv6 hosts.

QoS Bandwidth limit up / down not working since update to 9.191-2 (24 dec 2013)

I have a UTM120 hardware appliance running in a complex for small businesses.
There are around 40 end users which are connected to the UTM through multiple Netgear GS724T switches.
There is a single fiber WAN line active with a max speed of 100 mbit.

For those end users I’ve defined 6 different max bandwidths (5 / 12 / 20 / 30 / 50 / 80 mbit).
Every limit has its own VLAN on the UTM and DHCP provides the end users with an IP address.

In mid-Dec 2013 I configured the QoS section and tested all VLANs for their limits, which all worked.
Now, presumably since the latest update, it looks like the limits aren't taken into account anymore.

Prior to the update, speedtest.net gave me a short peak of 30 mbit at the start when testing a 20 mbit user, and after a second or 2 the connection went flat at 20 mbit for both download and upload.
Now the same test with a 20 mbit end user gives me a 10-50 speed on both download and upload, with the speedtest.net meter hanging for a couple of seconds every now and then. I'm aware that Flash-based speed tests aren't very accurate with QoS active, but it worked fine in the first place.

Ok, what have I been configuring:

INTERFACES & ROUTING
- Interfaces -> [ 1 Default (WAN) ]
- Interfaces -> [ 6 different VLAN’s ]

- QoS -> Status -> Default (WAN) is ON, rest of the interfaces are OFF (see screenshot)

- QoS -> Traffic Selectors -> For each network group I defined 2 traffic selectors (Advanced section left empty)
1. Network_Inbound / Internet IPv4 -> Any -> {network_group}
2. Network_Outbound / {network_group} -> Any -> Internet IPv4

- QoS -> Bandwidth Pools -> Bound to Default (WAN) / 2 rules for prioritizing SIP and RTP (probably not related to this issue)

- QoS -> Download Throttling -> Bound to Default (WAN) / For each network group
1. Network_Inbound / Limit # kbit/s for each destination over traffic selector 1
2. Network_Outbound / Limit # kbit/s for each source over traffic selector 2

DEFINITIONS & USERS
- Network Definitions -> [ 6 different network groups for each 'subscription' ]
- Network Definitions -> [ Networks_All group with all 6 groups included ]
(Groups are defined on the network for example 192.168.1.0/24)

NAT
- Masquerading -> [ Networks_All -> Default (WAN) ]

My questions to you are:
- Is it possible that this is broken since the latest update from 24 dec 2013? Are there other users which have similar problems?
- Is this the best way to configure group based bandwidth (up and download) limitations?
- How is QoS working? Is it checking all rules prior to taking action, or does it read the list and take action on first match? (discarding any rules which have a higher priority number)

Let me know when you need more specific information.

Attached Images
File Type: png Screenshot 2014-01-09 14.18.27.png (22.2 KB)

When licensing Home Use received error “Cannot use ACC software license on ASG1xx dev

Here is what I did and what I think I did wrong.
What I did: I found an old AMD PC with 4GB of RAM and 37GB of HD space to use as a FW. Went to the myutm site and registered for a home license. Downloaded the license.
What I think I did wrong: From the download page, I downloaded the UTM 9 Software ISO (465MB) under the Sophos UTM (formerly Astaro Security Gateway) heading. I think for Home Use I was supposed to download the file under the Sophos UTM Manager heading called Download ISO (515MB).
Cascade effect: The install worked perfectly but immediately after installation I attempted to license the software and received a “Cannot use ACC software license on ASG1xx device” error.
Later tonight I will download the 515 MB iso and see if that was the issue. In the meantime if anyone has any pointers for the N00b I would be happy to entertain them =).

Using ipSec with the RED

Hello,

I have the following setup.

RED <-> UTM <-> ipSec <-> customer site

The RED is connected to the UTM in bridged mode, i.e. in the same subnet.
The ipSec tunnel between the customer site and our UTM is up and working. However, the RED cannot use this ipSec tunnel.

Red <-> UTM = works
UTM <-> customer site = works
Red <-> customer site = does not work

Does anyone know offhand which screw needs turning here?

Thanks & regards

routing with metric

Hi,
We need to configure 2 gateway routes to the same destination network (10.1.1.0/24) using 2 different gateways and different priority.
We configured the routes with different metrics, but when we try to activate them we get the following error:
"The network '10.1.1.0/24' is already in use by the destination network attribute of the static route object 'to test net (2)'."
What are we doing wrong?
It would be best to activate the second route only in case a monitoring process on the first route failed, like the Cisco route track.
Thank you.
andy

RED10 Issue (Moved)

RED10 problem!!!
My RED device (RED10 v3) connects to the UTM and shows up, but no tunnel is up.
Reflashing the firmware with the rsp tool doesn't fix the problem. Can I downgrade the RED firmware? Where is the firmware located?

The Elder Scrolls Online Webfilter Exception

Hello,

in case there are a few more TESO players here with the web filter enabled who are also having problems updating the launcher, here is the exception :D

Target Domains
Code:

^https?://([A-Za-z0-9.-]*\.)?launcher\.bethesda\.net/
^https?://([A-Za-z0-9.-]*\.)?patcher\.elderscrollsonline\.com/

Regards
Squitschy

Preshared Key Conflict with other Connection - IPSec

Hello,

I am trying to connect 2 Fritzboxes to my Sophos UTM 9.1.
Servers net: 192.168.10.0/24
Fritzbox1: 192.168.0.0/24
Fritzbox2: 192.168.3.0/24

The first one is connected fine with these settings:

But when I try to add the second connection, this is the result:

Keys are randomly generated with 64 ciphers each and definitely not equal.

What can I change to make it work?

Thx

Replacing old isa server

Hello folks,

I am planning on replacing an old MS ISA server with Sophos UTM and I need advice on a few things.

ISA has public dns server running on external ip address, with records for
published smtp and web servers located in internal network.
Can this be done with Sophos UTM, can it be a "real" dns server? And if yes, how?

ISA has one internal adapter, with ip address 192.168.10.1/24
and internal network range of 192.168.10.0-192.168.12.255.
I can not grasp how this network range thing works, but it works..

ISA internal adapter is connected to VLAN 10 on Cisco L3 switch.
Switch has total of 3 VLANs (10,11,12).
VLAN interfaces have ip addresses:
VLAN10 192.168.10.2/24
VLAN11 192.168.11.1/24
VLAN12 192.168.12.1/24

Switch uses ISA's IP 192.168.10.1 as gateway of last resort.

Question is, would it be better to use 3 interfaces on utm and connect each to different VLAN, or to do VLAN tagging on utm, maybe on lag interface?
Or is there a third way to do it?


Kind regards,
MarkoS

[BUG][9.191-2] SSL VPN User Portal profiles for Android don't have extension

To preface this bug, I need to manually move the VPN profile file downloaded from the UTM to a mobile device as my UTM WebAdmin and UserPortal are using Self Signed certs and Android doesn't download content from sites with Self Signed certs!

I continue.

I'm using an Android 4.2 device. I have configured SSL VPN and downloaded the SSL VPN profile to a local browser. However, I've noticed that the downloaded profile does NOT have an extension. Previously I've noticed that the SSL VPN profiles have a .OVPN extension. Now they don't have anything.

Android file manager gets confused, as in my case the file name is aaron@utm-work.mooo.com - the file manager sees the binary file type as .COM and freaks ever so slightly...

The issue, when reviewed, is minor; however, it creates a rift in user experience, as the Android VPN application which we recommend through the user portal will now not natively handle the VPN profiles now offered in the v9.2 BETA for mobile devices.

Is it possible to get the extension added back on? Otherwise it needs lots of manual file handling and profile importation to get the Android SSL VPN configured.

Cannot install VPN certificate on iPad

Hello,

I wanted to install the VPN certificate on a new iPad.

To do so, I logged in to the User Portal with the iPad, went to the "Remote Access" tab and selected the bottom item.

Then the error message "File cannot be loaded with Safari" appears.

Until now this had always worked without problems. Another iPad was brought into the VPN this way.

Does anyone know a solution?

Thanks
Christoph

Unable to remove IPSec policies auto-generated by ACC

Devices have been moved to different organizational units in SUM (ACC). Some of the devices keep the IPSec policies auto-generated by ACC and some do not. None of them is in the (Global) unit anymore.

I want to remove the IPSec policies auto-generated by ACC from all devices. It was not possible for me so far. Even if I delete all ACC configs from a device, they return after rejoining the UTM to the ACC.

Any ideas? I appreciate your help.

Sophos UTM 9 (virtual machine) took down the network

Hello everyone,

as stated in the title, the Sophos UTM 9 virtual machine has paralyzed the network.

During the test configuration of the first machine everything went well. I made a backup of the machine to try out whether all settings are carried over, and in the process the entire network collapsed (the UTM switched off the switches).

The question is, how is it possible that restoring a backup paralyzes the whole network??

Visible hostname for proxy

Hello,

I have searched WebAdmin up and down but found nothing for the following problem:

Can I assign the UTM 9 a (second) visible hostname so that browsers address it as the proxy, without having to change the UTM's actual hostname?

Many thanks in advance for any answers

tolotos

Specific advertising

Hi,

is it possible, with the web filter for advertising enabled, to re-enable advertising for specific sites?

Unfortunately Voxnow etc. refuse to display unless the web filter is disabled.

Regards

Robert